Malware in internallib_v907
Malware discovered in the npm package internallib_v907. Systems with this package installed are considered fully compromised and require immediate remediation.
- Disclosed
- Last updated
- Blast radius
- Any system with the package installed or running
- Ecosystems
- Attack vectors
- Affected entities
- internallib_v907
A malicious npm package named internallib_v907 has been identified and published to the npm registry. The package contains malware that grants full control of affected systems to an outside entity.\n\nAny computer with this package installed or running should be considered fully compromised. The advisory recommends immediate rotation of all secrets and keys from a different, unaffected computer. While the package should be removed, complete removal of all malicious software cannot be guaranteed due to the level of system compromise.\n\nThis incident was disclosed via GitHub Advisory GHSA-4jf7-q8jf-84cg on 2026-07-15.
Indicators of compromise
- Packages
- internallib_v907
Remediation
- Immediately identify all systems with internallib_v907 installed
- Isolate affected systems from the network
- Rotate all secrets, keys, and credentials from a clean, unaffected computer
- Remove the internallib_v907 package from all affected systems
- Perform forensic analysis to identify any additional malicious software installed
- Monitor affected systems for signs of compromise or persistence mechanisms
- Consider full system rebuild or replacement as the package may have granted full control to attackers
Sources
- GitHub Advisory GHSA-4jf7-q8jf-84cg · GitHub Advisory Database
Cite this entry
"Malware in internallib_v907." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed July 15, 2026; last updated July 16, 2026. https://supplychainattack.org/incident/malware-in-internallib-v907-1dlyff
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- activecritical
Malware in sauruslord-baileys
The npm package sauruslord-baileys contains malware that grants full control of affected systems. Any computer with this package installed or running should be considered fully compromised.
npmCompromised package - containedcritical
AsyncAPI npm packages infected with credential-stealing malware
Five malicious versions of AsyncAPI npm packages were published in a supply-chain attack delivering a remote access trojan with credential-stealing capabilities. The attack compromised the npm package registry with info-stealing malware.
npmCompromised package - resolvedcritical
Malicious code in rhynpm (npm)
The npm package rhynpm was found to contain malicious code. The package was identified by the OpenSSF malicious packages project and reported via GitHub Security Advisory GHSA-5jr8-4283-75xm.
npmCompromised package - resolvedcritical
Malicious code in angylarjs (npm)
Malicious code was discovered in the angylarjs npm package. The package was identified by the OpenSSF malicious-packages project and reported via GitHub Security Advisory GHSA-qqc2-6x9j-cm25.
npmCompromised package